Security issues in mobile edge computing
At present, research on security and privacy protection in edge computing is still in its infancy and there are few results. One feasible approach is to transplant existing security technologies from related fields into the edge computing environment.
I. How MEC differs from traditional security protection
1) Authentication security
The MEC network contains large numbers of geographically dispersed IoT devices. Because these devices are constrained in power, processing and storage, authenticating network devices becomes a major challenge: traditional authentication built on certificates and a public key infrastructure (PKI) is too heavy for resource-limited IoT devices. MEC nodes also join and leave the MEC network dynamically, and when a new node connects (or leaves), service to registered end users must continue without interruption. Nodes must therefore be able to authenticate each other within the newly formed MEC network, and MEC nodes must also be able to restrict or reject service requests from malicious or compromised nodes.
2) Communication security
Communication in a MEC network consists mainly of communication between IoT devices and MEC nodes and communication between MEC nodes. Typically, many devices can communicate with any MEC node in the network and ask it to serve processing or storage requests. In practice, however, an IoT device may not even be aware that the MEC network exists, so messages sent by IoT devices cannot rely on symmetric encryption with a pre-agreed key, and asymmetric encryption also brings many challenges on constrained devices. Communication between MEC nodes requires end-to-end security, because the nodes along a multi-hop path cannot all be fully trusted.
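As an added example (not code from the page or from the literature it cites), the following Python sketches one lightweight alternative to certificate-based authentication for the node-join and node-to-node cases described above: a pre-shared-key challenge-response handshake with HMAC, both nonces and both identities bound into each proof so a transcript cannot be replayed or reflected, a revocation set so compromised nodes are refused, and sequence-numbered per-message tags so relaying nodes on a multi-hop path cannot alter or replay traffic end to end. The node names, keys and message formats are constructed for the demo; confidentiality (an AEAD keyed from the same session key) is deliberately left out to keep the focus on authentication.

```python
import hashlib
import hmac
import secrets

# Constructed demo data (not from the original page): pairwise keys provisioned by the
# operator at deployment. Real nodes keep these in a secure element, never in source.
PAIRWISE_PSK = {
    frozenset({"mec-a", "mec-b"}): hashlib.sha256(b"demo psk a<->b").digest(),
    frozenset({"mec-a", "mec-z"}): hashlib.sha256(b"demo psk a<->z").digest(),
}
REVOKED = {"mec-z"}  # nodes the operator has flagged as compromised


def _psk(a, b):
    return PAIRWISE_PSK[frozenset({a, b})]


def _auth_tag(key, prover, verifier, verifier_nonce, prover_nonce):
    # Covers both identities and both nonces: a captured tag cannot be replayed
    # against another peer or reflected back to its sender.
    msg = b"|".join([b"mec-auth", prover.encode(), verifier.encode(), verifier_nonce, prover_nonce])
    return hmac.new(key, msg, hashlib.sha256).digest()


def _session_key(psk, initiator_nonce, responder_nonce):
    # One-step HMAC-based derivation; a production build would use HKDF.
    return hmac.new(psk, b"mec-session|" + initiator_nonce + responder_nonce, hashlib.sha256).digest()


class Node:
    def __init__(self, node_id):
        self.id = node_id
        self.sessions = {}  # peer id -> session key, set only after mutual authentication
        self._pending = {}  # peer id -> nonces of the handshake in progress

    def hello(self, peer):  # initiator, message 1: (A, Na)
        if peer in REVOKED:
            raise PermissionError(f"{self.id}: {peer} is revoked")
        nonce = secrets.token_bytes(16)
        self._pending[peer] = nonce
        return self.id, nonce

    def challenge(self, peer, peer_nonce):  # responder, message 2: (B, Nb, tag_B)
        if peer in REVOKED:
            raise PermissionError(f"{self.id}: join request from revoked node {peer}")
        nonce = secrets.token_bytes(16)
        self._pending[peer] = (nonce, peer_nonce)
        return self.id, nonce, _auth_tag(_psk(self.id, peer), self.id, peer, peer_nonce, nonce)

    def respond(self, peer, peer_nonce, tag):  # initiator, message 3: tag_A
        key = _psk(self.id, peer)
        my_nonce = self._pending.pop(peer)
        if not hmac.compare_digest(tag, _auth_tag(key, peer, self.id, my_nonce, peer_nonce)):
            raise PermissionError(f"{self.id}: responder {peer} failed to prove the key")
        self.sessions[peer] = _session_key(key, my_nonce, peer_nonce)
        return _auth_tag(key, self.id, peer, peer_nonce, my_nonce)

    def finish(self, peer, tag):  # responder, message 4: verify tag_A
        key = _psk(self.id, peer)
        my_nonce, peer_nonce = self._pending.pop(peer)
        if not hmac.compare_digest(tag, _auth_tag(key, peer, self.id, my_nonce, peer_nonce)):
            raise PermissionError(f"{self.id}: initiator {peer} failed to prove the key")
        self.sessions[peer] = _session_key(key, peer_nonce, my_nonce)


def run_handshake(initiator, responder):
    """Drive the four messages between two nodes; return both derived session keys."""
    a_id, na = initiator.hello(responder.id)
    b_id, nb, tag_b = responder.challenge(a_id, na)
    tag_a = initiator.respond(b_id, nb, tag_b)
    responder.finish(a_id, tag_a)
    return initiator.sessions[b_id], responder.sessions[a_id]


def protect(session_key, seq, payload):
    """Tag a node-to-node message with a sequence number so relays cannot alter or replay it."""
    tag = hmac.new(session_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    return seq, payload, tag


def accept(session_key, last_seq, seq, payload, tag):
    """Verify a tagged message; return the new sequence high-water mark or raise ValueError."""
    if seq <= last_seq:
        raise ValueError("replayed or reordered message")
    expected = hmac.new(session_key, seq.to_bytes(8, "big") + payload, hashlib.sha256).digest()
    if not hmac.compare_digest(tag, expected):
        raise ValueError("message altered in transit")
    return seq


def raises(exc, fn, *args):
    """True if fn(*args) raises exc; lets the negative cases be checked without crashing."""
    try:
        fn(*args)
        return False
    except exc:
        return True
```

The revocation check happens before any cryptography runs, so a compromised node costs the verifier nothing more than a set lookup; the per-message sequence number is the cheapest replay defence available to a constrained node, at the price of rejecting legitimately reordered messages, which a real transport would handle with a sliding window.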
3) Privacy security
The computing power of distributed MEC nodes relieves the overall load on the data center, but the MEC nodes adjacent to end users may collect sensitive data about user identity, location, application usage and so on. In addition, because MEC nodes are widely dispersed, centralized control is difficult; a poorly secured edge node can become an intruder's entry point into the MEC network, and once inside, the intruder can mine and steal the private data that users exchange between entities.
New challenges:
1) New requirements for lightweight data encryption and fine-grained data sharing among multiple authorizing parties in edge computing.
Because edge computing is a computing paradigm that fuses multiple trust domains, each with its authorizing entity as trust anchor, traditional data encryption and sharing strategies are no longer applicable. It is therefore important to design data encryption methods for multiple authorization centers while keeping algorithmic complexity in mind.
2) Dissemination control and security management of multi-source heterogeneous data in a distributed computing environment.
In the era of edge big-data processing, the volume of information produced by network edge devices is growing explosively. Users or data owners want effective dissemination control and access control mechanisms so that they can control the scope within which data is distributed, searched, acquired and authorized. In addition, because data is outsourced, its ownership and control are separated, so an effective audit and verification scheme is needed to guarantee data integrity.
3) Security challenges between large-scale interconnected edge computing services and resource-constrained terminals.
Because edge computing fuses multi-source data, overlays mobile and Internet access, and runs on edge terminals constrained in storage, computing and battery capacity, the more complex traditional encryption algorithms, access control measures, identity authentication protocols and privacy-preserving methods are not directly applicable in edge computing.
4) Diversified IoT services and the new requirements for efficient privacy protection under the edge computing model.
The massive data generated by network edge devices involves personal privacy, which makes privacy security more prominent. Beyond designing effective protection for data, location and identity privacy, how to combine traditional privacy protection schemes with the data-processing characteristics of the edge computing environment, so as to protect user privacy across a variety of service environments, is the future research trend.
II. Security threats
1. Network infrastructure security threats
1) Denial of service (DoS)
2) Man-in-the-middle attack (MITM)
3) Rogue gateway
2. Edge data center security threats
1) Privacy leakage
2) Privilege escalation
3) Service manipulation
4) Rogue data center
5) Physical damage
3. Edge infrastructure security threats
1) Privacy leakage
2) Service manipulation
3) Rogue infrastructure
4. Virtualization infrastructure security threats
1) Denial of service
2) Misuse of resources
3) Privacy leakage
4) Privilege escalation
5. User device security threats
1) Information injection
2) Service manipulation
III. Defense strategies and corresponding research directions
1. Data encryption
The main encryption approaches are attribute-based encryption (ABE), proxy re-encryption (PRE) and fully homomorphic encryption (FHE).
References: [4][5][6]
Research outlook:
Data encryption is an effective means of ensuring data security under the various computing models. In the open edge computing environment, the key future research question is how to organically combine traditional encryption schemes with the characteristics of edge computing (parallel distributed architecture, limited terminal resources, edge big-data processing, a highly dynamic environment) to achieve a lightweight, distributed data security protection system.
1) For data confidentiality and secure data sharing, combining attribute-based encryption, proxy re-encryption, homomorphic encryption and other applied cryptographic theory to design low-latency distributed secure storage systems that support dynamic operations, and correctly handling the coordination between network edge devices and the cloud center, is an important research direction.
2) For data integrity auditing, one main goal is to realize a variety of audit functions while improving audit efficiency and reducing verification overhead. Secondly, the design of integrity audit schemes that support multi-source heterogeneous data and dynamic data updates is expected to become a focus of future research.
3) For searchable encryption: first, constructing keyword-based search schemes in the distributed storage service model and extending them to the edge computing environment is a feasible direction; second, achieving fine-grained control of search permissions in a secure multi-party sharing mode, so that the scheme suits multi-user search across different trust domains while preserving search speed and accuracy; finally, for the distributed ciphertext storage model of edge computing, how to construct secure indexes efficiently, adapt them to resource-constrained network edge devices and design distributed searchable encryption algorithms is an urgent problem.
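To make the integrity-audit item above concrete, here is an added Python example (not from the page or the references it lists) of a Merkle-tree based audit of outsourced data: the data owner hands blocks to a store, keeps only the 32-byte root, and an auditor spot-checks random blocks with O(log n) proofs without downloading the data. Leaves are bound to their index so a block cannot be presented under another index, and the tree is padded with a constant node so the owner can replace one block and derive the new root from the old proof alone, which is the dynamic-update property the text asks for. Block contents and the store/auditor split are constructed for the demo.

```python
import hashlib
import secrets

# Domain-separated hashing: leaves bind the block index (so a block cannot be passed off
# as a different block) and can never be confused with inner nodes.
PAD = hashlib.sha256(b"\x02pad").digest()


def leaf_hash(index, block):
    return hashlib.sha256(b"\x00" + index.to_bytes(8, "big") + block).digest()


def node_hash(left, right):
    return hashlib.sha256(b"\x01" + left + right).digest()


def _fold(leaf, path):
    """Recompute the root from a leaf hash and its sibling path (leaf to root)."""
    h = leaf
    for sibling, sibling_is_left in path:
        h = node_hash(sibling, h) if sibling_is_left else node_hash(h, sibling)
    return h


class OutsourcedStore:
    """Storage side (an edge node or cloud): keeps the blocks and the tree, answers challenges."""

    def __init__(self, blocks):
        self.blocks = list(blocks)
        self._build()

    def _build(self):
        level = [leaf_hash(i, b) for i, b in enumerate(self.blocks)]
        self.levels = []
        while True:
            if len(level) > 1 and len(level) % 2:
                level.append(PAD)  # constant padding: updating the last block never changes its sibling
            self.levels.append(level)
            if len(level) == 1:
                break
            level = [node_hash(level[i], level[i + 1]) for i in range(0, len(level), 2)]

    def root(self):
        return self.levels[-1][0]

    def prove(self, index):
        """Return the block and its proof: [(sibling_hash, sibling_is_left), ...]."""
        path, i = [], index
        for level in self.levels[:-1]:
            sibling = i ^ 1
            path.append((level[sibling], sibling < i))
            i //= 2
        return self.blocks[index], path

    def update(self, index, new_block):
        self.blocks[index] = new_block
        self._build()  # a real store would recompute only the affected path


def verify_proof(root, index, block, path):
    """Auditor/owner side: O(log n) check that needs only the root, not the data."""
    return _fold(leaf_hash(index, block), path) == root


def audit(store, root, block_count, challenges=4, rng=None):
    """Spot-check random blocks; the auditor holds only the root and the block count."""
    rng = rng or secrets.SystemRandom()
    for _ in range(challenges):
        i = rng.randrange(block_count)
        block, path = store.prove(i)
        if not verify_proof(root, i, block, path):
            return False
    return True


def owner_update(old_root, index, old_block, new_block, path):
    """Dynamic update without holding the data set: verify the old proof, then derive the new root."""
    if not verify_proof(old_root, index, old_block, path):
        raise ValueError("store returned an invalid proof for the block being replaced")
    return _fold(leaf_hash(index, new_block), path)
```

A verifier never compares a root it did not compute itself against one the store supplies; the root comes from the owner (or a trusted log), and only the block and sibling hashes come from the store. Random challenges catch a store that has silently lost or corrupted data with probability growing in the number of challenges, at a cost of one block plus log n hashes each.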
2. Identity Authentication
Unified authentication, cross-domain authentication, handover authentication
References: [7]
Research outlook:
At present, most research on identity authentication protocols builds on existing security protocols, considering protocol flexibility, efficiency, energy saving and privacy protection. In edge computing, research on authentication protocols should draw on the advantages of existing schemes while accounting for the distributed computation and mobility of edge computing, and strengthen work on unified authentication, cross-domain authentication and handover authentication, so as to ensure the data and privacy security of users across different trust domains and heterogeneous network environments.
Because edge computing is an open, dynamic system in which multiple entities and multiple trust domains coexist, authentication both within a domain and between domains must be considered. Specific research topics include cross-domain authentication and handover authentication of the same entity between different trust domains; identity authentication and mutual authentication of different entities within the same trust domain; and finally, achieving lightweight authentication while also providing anonymity, integrity, traceability and batch authentication.
3. Access control
References: [8]
Research outlook:
In principle, an access control system for edge computing should support access control between multiple entities across different trust domains, while also taking factors such as geographic location and resource ownership into account. Designing a fine-grained, dynamic, lightweight and multi-domain access control mechanism is therefore the next research focus, and efficient access control methods based on attributes and roles should be better suited to the edge computing environment.
1) Hierarchical access control schemes that span domains and groups, extending fine-grained access control from a single domain to multiple domains while meeting the design goals and resource constraints, will be an important future research direction.
2) In cross-domain access control, many problems remain to be solved around illegal authorization, access conflicts, key management, policy management and attribute management.
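As an added illustration (not code from the page or from [8]) of fine-grained, multi-domain attribute-based access control using the factors the text names (trust domain, role, geographic region, resource ownership), the Python below accepts a subject's attributes only when its home domain is trusted by the resource's domain, maps foreign role names onto local ones and drops unmapped ones, evaluates attribute conditions, and resolves permit/deny conflicts with deny-overrides while reporting that a conflict occurred, since conflicting cross-domain authorizations are one of the open problems listed above. Domain names, policies and sample entities are all constructed for the demo.

```python
from typing import NamedTuple

PERMIT, DENY = "permit", "deny"

# Constructed trust configuration (not from the page): for each resource-owning domain,
# which foreign domains it accepts attribute assertions from and how their role names
# map onto local ones. Unmapped foreign roles are dropped (least privilege).
TRUST = {
    "domain-a": {"domain-b": {"technician": "maintainer"}},
}


class Decision(NamedTuple):
    effect: str
    applicable: tuple  # names of policies whose condition matched
    conflict: bool     # both a permit and a deny matched; deny-overrides resolved it


def normalize_subject(subject, resource_domain):
    """Accept the subject's attributes only if its home domain is trusted by the resource's domain."""
    if subject["domain"] == resource_domain:
        return dict(subject)
    mapping = TRUST.get(resource_domain, {}).get(subject["domain"])
    if mapping is None:
        return None  # untrusted domain: its assertions carry no weight here
    roles = {mapping[r] for r in subject["roles"] if r in mapping}
    return {**subject, "roles": roles}


# Each policy: (name, effect, condition over normalized subject, resource, request context).
POLICIES = [
    ("owner-full-access", PERMIT,
     lambda s, r, c: s["id"] == r["owner"]),
    ("maintainer-in-region", PERMIT,
     lambda s, r, c: "maintainer" in s["roles"] and c["region"] == r["region"]
     and c["action"] in {"read", "update"}),
    ("high-sensitivity-stays-in-domain", DENY,
     lambda s, r, c: r["sensitivity"] == "high" and s["domain"] != r["domain"]),
    ("no-cross-domain-delete", DENY,
     lambda s, r, c: c["action"] == "delete" and s["domain"] != r["domain"]),
]


def evaluate(subject, resource, context, policies=POLICIES):
    """Deny-overrides combining: any matching deny wins; otherwise permit only if some permit matched."""
    s = normalize_subject(subject, resource["domain"])
    if s is None:
        return Decision(DENY, ("untrusted-domain",), False)
    matched = [(name, effect) for name, effect, cond in policies if cond(s, resource, context)]
    effects = {e for _, e in matched}
    conflict = effects == {PERMIT, DENY}
    effect = DENY if (DENY in effects or not matched) else PERMIT
    return Decision(effect, tuple(n for n, _ in matched), conflict)


# Constructed sample entities: two resources in domain-a, and subjects from three domains.
DEVICE_LOG = {"id": "cam-17-log", "owner": "user-17", "domain": "domain-a",
              "region": "zone-1", "sensitivity": "low"}
HEALTH_DATA = {**DEVICE_LOG, "id": "user-17-health", "sensitivity": "high"}
OWNER = {"id": "user-17", "domain": "domain-a", "roles": set()}
TECH_B = {"id": "tech-3", "domain": "domain-b", "roles": {"technician"}}   # trusted, mapped
TECH_C = {"id": "tech-9", "domain": "domain-c", "roles": {"technician"}}   # untrusted
```

The decision carries the list of matching policies and the conflict flag so that an audit log can explain every cross-domain denial; the empty-match case denies by default, which keeps a missing policy from turning into an implicit grant.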
4. Security protocols
IV. Summary of potential research directions
1. Data privacy in collaborative computing
2. Combining traditional encryption schemes with distributed architectures
3. Multi-entity authentication protocols for edge computing
4. Secure and low-latency data sharing
5. Location privacy in edge computing
6. Malware detection in the edge computing environment
[1] Cao mi, Frank xu lei, to cultivate. Mobile edge computing security issues and research recommendations [J]. Information and Communication Technology, 2019, 13(1): 67-75.
[2] Zhang Jiale, Zhao Yanchao, Chen Bing, et al. A survey on data security and privacy protection in edge computing [J]. Journal on Communications, 2018(3): 1-21.
[3] Roman R, Lopez J, Mambo M. Mobile edge computing, Fog et al.: A survey and analysis of security threats and challenges [J]. Future Generation Computer Systems, 2018, 78: 680-698.
[4] Zuo C, Shao J, Wei G Y, et al. CCA-secure ABE with outsourced decryption for fog computing [J]. Future Generation Computer Systems, 2018, 78: 730-738.
[5] Khan A N, Ali M, Khan A U R, et al. A comparative study and workload distribution model for re-encryption schemes in a mobile cloud computing environment [J]. International Journal of Communication Systems, 2017, 30(16): e3308.
[6] Louk M, Lim H. Homomorphic encryption in mobile multi cloud computing [C]// The 25th International Conference on Information Networking (ICOIN'15). 2015: 493-497.
[7] Yang X, Huang X Y, Liu J K. Efficient handover authentication with user anonymity and untraceability for mobile cloud computing [J]. Future Generation Computer Systems, 2016, 62: 190-195.
[8] Jin Y, Tian C, He H, et al. A secure and lightweight data access control scheme for mobile cloud computing [C]// The 5th International Conference on Big Data and Cloud Computing (BDCloud'15). 2015: 172-179.